36 matches found

Positive Technologies
added 2026/05/28 12:0 a.m. · 4 views

PT-2026-44491

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: Uncontrolled Resource Consumption in Kibana can lead to a denial of service via Excessive Allocation. An authenticated user with a low-privileged role can submit a specially crafted, oversized...

6.5 CVSS · 5.8 AI score · 0.00047 EPSS
Exploits 0 · References 4
NVD
added 2026/05/18 3:16 p.m. · 4 views

CVE-2026-41948

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

9.4 CVSS · 0.00079 EPSS
Exploits 1 · References 3
CVE
added 2026/05/18 1:50 p.m. · 11 views

CVE-2026-41948

Dify v1.14.1 (and prior) is affected by a path traversal vulnerability in the Plugin Daemon internal API caused by insufficient URL path sanitization. Authenticated users can traverse outside their tenant path using unencoded dot sequences in task IDs or manipulated filename parameters to reach i...

9.4 CVSS · 5.8 AI score · 0.00079 EPSS
Exploits 1 · References 3 · Affected Software 1
NVD
added 2026/04/08 5:21 p.m. · 1 views

CVE-2026-33461

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be...

7.7 CVSS · 0.00053 EPSS
Exploits 0 · References 1
Snyk
added 2026/03/02 6:49 p.m. · 1 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the PasswordHash API endpoint. An attacker can exhaust server memory and cause service disruption by sending multiple concurrent requests to trigger excessive memory allocation...

8.7 CVSS · 5.8 AI score · 0.0061 EPSS
Exploits 1 · References 2
Vulnrichment
added 2025/12/25 12:0 a.m. · 1 views

CVE-2025-66377

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...

7.5 CVSS · 7.1 AI score · 0.00024 EPSS
Exploits 0 · References 1
OSV
added 2025/12/11 5:1 p.m. · 2 views

GHSA-9449-RPHM-MJQR AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

An API endpoint that is intended for internal use by the SFTP software sftpgo was mistakenly exposed to the public-facing HTTP API for AzuraCast installations. This would allow a user with specific internal knowledge of a station's operations to craft a custom HTTP request that would affect the...

3.1 CVSS · 6.5 AI score · 0.00047 EPSS
Exploits 1 · References 4
CVE
added 2025/10/30 9:25 p.m. · 6 views

CVE-2025-34277

CVE-2025-34277 affects Nagios Log Server versions prior to 2024R1.3.1, where a code injection vulnerability arises from inadequate validation of dashboard ID values forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-contro...

9.8 CVSS · 8 AI score · 0.00348 EPSS
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus
added 2025/08/27 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-23217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmprox...

8.2 CVSS · 5.8 AI score · 0.03579 EPSS
Exploits 0 · References 3
Fedora
added 2025/08/15 1:5 a.m. · 6 views

[SECURITY] Fedora 41 Update: mupdf-1.25.4-2.fc41

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

6.5 CVSS · 7.4 AI score · 0.00719 EPSS
Exploits 1
OSV
added 2025/04/16 10:15 p.m. · 0 views

UBUNTU-CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

6.1 CVSS · 5.8 AI score · 0.00249 EPSS
Exploits 0 · References 4
CNNVD
added 2025/03/06 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from disabling all links, which could lead to problems with internal API calls...

5.5 CVSS · 6.5 AI score · 0.00024 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2024/08/21 12:0 a.m. · 11 views

Cisco IOS XR Software MPLS Pseudowire Interfaces Access Control List Bypass (CSCwf99658)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This...

5.8 CVSS · 6.1 AI score · 0.00024 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/06/14 12:0 a.m. · 3 views

PT-2024-21701 · Toshiba Tec · Toshiba Tec E-Studio Multi-Function Peripheral

Name of the Vulnerable Software and Affected Versions: Product Name affected versions not specified Description: The issue involves hardcoded keys used for authentication to an internal API. If an attacker obtains these private keys, they may bypass authentication and access administrative...

7.1 CVSS · 6.8 AI score · 0.00028 EPSS
Exploits 1 · References 7
Positive Technologies
added 2024/06/13 12:0 a.m. · 3 views

PT-2024-22648 · Dell · Dell Scg

Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00 Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API. This could allow a remote low privileged attacker to execute certain...

5.4 CVSS · 7.5 AI score · 0.01405 EPSS
Exploits 0 · References 3
NVD
added 2024/03/13 5:15 p.m. · 9 views

CVE-2024-20322

A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface...

5.8 CVSS · 5.7 AI score · 0.0005 EPSS
Exploits 0 · References 1
OSV
added 2024/03/13 5:15 p.m. · 1 views

CVE-2024-20322

A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface...

5.8 CVSS · 5.8 AI score · 0.0005 EPSS
Exploits 0 · References 1
Prion
added 2024/03/13 5:15 p.m. · 11 views

Improper access control

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts...

5 CVSS · 7.3 AI score · 0.00024 EPSS
Exploits 0 · References 1
Cvelist
added 2024/03/13 4:45 p.m. · 17 views

CVE-2024-20315

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts...

5.8 CVSS · 6 AI score · 0.00024 EPSS
Exploits 0 · References 1
Cvelist
added 2024/03/13 4:43 p.m. · 10 views

CVE-2024-20322

A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface...

5.8 CVSS · 6 AI score · 0.0005 EPSS
Exploits 0 · References 1